This update addresses an issue where the 2017 and 2018 versions of Intuit QuickBooks Desktop can't run in multi-user mode on Windows 10, version 1803 devices. The QuickBooks multi-user mode service fails to start with error “Windows could not start the QuickBooksDBXX service on Local Computer." and “Error 193: 0xc1”.

The Microsoft Office Sustained Engineering TeamJune 12, 2018
The June 2018 Public Update releases for Office are now available! This month, there are 23 security updates and 22 non-security updates. All of the security and non-security updates are listed in KB article 4299875.

A new version of Office 2013 Click-To-Run is available: 15.0.5041.1001

A new version of Office 2010 Click-To-Run is available: 14.0.7210.5000

Microsoft has released its monthly security update, addressing a total of 51 CVE-listed security vulnerabilities.

The June edition of Patch Tuesday includes 11 fixes for critical vulnerabilities in Windows, including Microsoft's solution for the recently-disclosed Spectre Variant 4 chip design flaw.

Among the most serious bugs addressed this month is CVE-2018-8225, a remote code execution vulnerability present in the Windows DNSAPI. Microsoft says that the flaw would allow an attacker to take over the target system (either Windows or Windows Server) simply by sending a malformed DNS request.

swiatJune 12, 20180
Microsoft’s commitment to protecting customers from vulnerabilities in our products, services, and devices includes providing security updates that address these vulnerabilities when they are discovered. We understand that researchers have wanted better clarity around the security features, boundaries and mitigations which exist in Windows and the servicing commitments which come with them. We have drafted a document which better describes the criteria Microsoft Security Response Center (MSRC) uses when determining whether a reported vulnerability will be addressed through servicing, or in the next version of a product. We are sharing the draft copy with the research community and would like feedback before we make the final copy available online. We are primarily interested in feedback around our servicing policies and whether our criteria makes sense to you, the researcher.

We are moving to a rollup model for Windows Server 2008 SP2. The initial preview of the monthly quality rollup will be released on Tuesday, August 21, 2018.

Windows Server 2008 SP2 will now follow a similar update servicing model as later Windows versions, bringing a more consistent and simplified servicing experience. For those of you who manage Windows updates within your organization, it’s important that you understand the choices that will be available. [...]

Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. The June 19, 2018 releases of Microsoft Exchange Server contain fixes to the following vulnerabilities, which are described in:

The following software releases include updates to address the identified vulnerabilities. Product versions or releases that are not listed are past their support life cycle or must be updated to the appropriate June 19, 2018 release of Microsoft Exchange Server to receive the fixes for these vulnerabilities.

swiatJune 21, 2018
Today we’re announcing a change to the Mitigation Bypass Bounty that removes Control Flow Guard (CFG) from the set of in-scope mitigations. In this blog, we’ll provide additional background and explain why we’re making this change.